I'm running the Hudson continuous integration
server<https://hudson.dev.java.net/>webapp on Tomcat 6.0 on a Windows
machine. To perform a build, I have Hudson
invoking an Ant build script. At one point, the build script needs to upload
a file to a Linux machine. I can think of two ways to accomplish this:
- FTP
- filesystem paths via Samba
I've taken the latter approach, and I've set up a Samba server on that Linux
machine. ("Why not use FTP?", you ask. Well, soon enough I'll give that a
try.)
I wrote a very simple Ant target to capture this problem. Instead of an *
upload*, it *downloads *a file from the Linux server. There are three
scenarios in which I've tried running this Ant target:
#1 First, I invoke it manually without first mapping a network drive. I get
a message:
"Warning: Could not find file \\REPOSITORIES\... to copy."
My Samba log shows this:
check_ntlm_password: Authentication for user [www-data] -> [www-data]
FAILED with error NT_STATUS_NO_SUCH_USER
...
guest user (from session setup) not permitted to access this share (ivy)
#2 Next, I map a network drive and enter a username and password matching
credentials I've input using the Samba smbpasswd utility. Now when I invoke
Ant manually to do the copy, it works.
My Samba log shows this (where "philadelphia" is the name of the Windows
machine running Hudson):
...
check_ntlm_password: authentication for user [mgitman] -> [mgitman] ->
[mgitman] succeeded
...
philadelphia (::ffff:192.168.0.105) connect to service ivy initially as
user mgitman (uid=1000, gid=1000) (pid 6967)
...
mgitman opened file ... read=Yes write=No (numopen=1)
...
mgitman closed file ... (numopen=0) NT_STATUS_OK
#3 Finally, I launch a build on Hudson to trigger the same Ant target. I get
the same error message as I did manually before mapping the network drive:
Warning: Could not find file \\REPOSITORIES\... to copy.
My Samba log shows this:
guest user (from session setup) not permitted to access this share (ivy)
At first I thought this was a problem with Hudson specifying the wrong
username. By default, Hudson sets the system property user.name to HUDSON$ and
the environment variable USERNAME to HUDSON$. But even when I manually
specify the username, I get the same problem, and as you can see from the
log output above, no username is getting sent anyway.
Then I thought this might have something to do with Tomcat running under a
more restrictive security policy. So I tried replacing the catalina.policy
file in the Tomcat conf directory with the java.policy from the JDK, of
course renaming the replacement to catalina.policy. But no, same problem.
Then I tried configuring the Hudson webapp to use basic authentication and
have the username and password be the same as one of those recognized by
Samba. That didn't work either.
So basically, the credentials I input when mapping the network drive get
picked up when invoking Ant by hand (scenario #2), but they don't get picked
up when it is Hudson running on Tomcat that is invoking Ant (scenario #3).
Well, I already have those directories exposed over HTTP. You might have
noticed the www-data user from Apache 2 showing up in the first log. So it
wouldn't be a big deal to add the FTP. Still, it's odd that Samba should
work manually but not with Hudson on Tomcat. I'm left asking, what's the
difference?
